Policy Compliance Library Updates, April 2025
Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations most used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS security guidelines from OS and application vendors, and other industry best practices.
Qualys’ Certification Page at CIS has been updated.
CIS Benchmark Policies
Center for Internet Security (CIS) Benchmarks policies are technical guidelines for organizations to improve their cybersecurity posture by aligning with recommended secure configurations. This reduces the risk of cyberattacks like data breaches by leveraging industry best practices.
DISA STIG Policies
STIG stands for Security Technical Implementation Guide, which is a set of cybersecurity guidelines published by the Defense Information Systems Agency (DISA). This equips them with the necessary tools to adhere to rules, regulations, best practices, and federal laws, facilitating compliance and bolstering cybersecurity measures.
Qualys Policies
Qualys oversees the discovery and resolution of technical issues while implementing robust policy frameworks. Researchers within Qualys actively identify cybersecurity misconfiguration and enact technical policies to fortify systems and safeguard against potential threats.
Safeguard Computer Security Evaluation Matrix (SCSEM)
It typically comprises a structured set of criteria, guidelines, and metrics designed to measure various aspects of security, such as confidentiality, integrity, availability, and compliance.
Compliance Standards
Compliance standards are regulatory frameworks safeguarding sensitive data and ensuring privacy and security. They offer guidelines and best practices for organizations to achieve compliance and mitigate risks in handling sensitive information.
New Policies/Mandates
Listed below are the number of policies and mandates deployed in April 2025:
| CIS Benchmark Policies | 19 |
| DISA STIG Policy | 9 |
| Industry Best Practices Policy | 4 |
| New Supported Mandates | |
| Deprecated Mandates |
Listed below are the newly published policies and mandates:
| CIS Benchmark Policies | • CIS Ubuntu Linux 20.04 LTS STIG, v2.0.0 • CIS Benchmark for Alma Linux OS 9, v2.0.0 • CIS Benchmark for SUSE Linux Enterprise 12.x, v3.2.0 • CIS Benchmark for Oracle MySQL Enterprise Edition 8.0, v1.4.0 MySQL RDBMS • CIS Benchmark for Oracle MySQL Enterprise Edition 8.0, v1.4.0 MySQL RDBMS on Linux • CIS Benchmark for Oracle MySQL Enterprise Edition 8.0, v1.4.0, All Profiles • CIS Benchmark for Oracle MySQL Community Edition 8.0, v1.1.0 MySQL RDBMS on Linux • CIS Benchmark for Oracle MySQL Community Edition 8.0, v1.1.0 MySQL RDBMS • CIS Benchmark for Oracle MySQL Community Edition 8.0, v1.1.0, All Profiles • CIS Benchmark for Apache Tomcat 11, v1.0.0CIS Benchmark for Microsoft Windows Server 2019, v3.0.1 • CIS Benchmark for Microsoft Windows Server 2008 non-R2, v3.3.0, Spanish • CIS Benchmark for Microsoft Windows Server 2012 non-R2, v3.0.0, Spanish • CIS Benchmark for Microsoft Windows Server 2016, v3.0.0, Spanish • CIS Benchmark for Microsoft Windows Server 2025, v1.0.0. • CIS Benchmark for Ubuntu Linux 18.04 LTS, v2.2.0 • CIS Benchmark for RedHat OpenShift Container Platform, v1.7.0 • CIS Benchmark for NGINX v2.1.0CIS Benchmark for Cisco IOS XE 17.x, v2.1.1 |
| DISA STIG Policies | • DISA Security Technical Implementation Guide (STIG) for Apple macOS 12 (Monterey), V1R9 • DISA Security Technical Implementation Guide (STIG) for Oracle Database 12c, V3R3 • DISA Security Technical Implementation Guide (STIG) for Windows 10, V3R4 • DISA Security Technical Implementation Guide (STIG) for VMware vSphere ESXi 7.0, V1R3 • DISA Security Technical Implementation Guide (STIG) for Ubuntu 22.04 LTS, V2R1 • DISA Security Technical Implementation Guide (STIG) for Google Chrome, V2R10 • DISA Security Technical Implementation Guide (STIG) for Microsoft Internet Explorer 11, V2R5 • DISA Security Technical Implementation Guide (STIG) for Microsoft Edge, V2R2 • DISA Security Technical Implementation Guide (STIG) for Apple macOS 14 (Sonoma), V2R3 |
| Industry and Best Practices Policies | • Security Configuration and Compliance Policy for Nokia SROS • Security Configuration and Compliance Policy for ApconTap 4K Switch • Security Configuration and Compliance Policy for Azure Database Services • Safeguard Computer Security Evaluation Matrix for Apache HTTP Server 2.4 |
| New Supported Mandates | |
| Deprecated mandates |
Deprecated Policies
- CIS Ubuntu Linux 20.04 LTS STIG, v1.0.0
- CIS Benchmark for Ubuntu Linux 18.04 LTS, v2.1.0
- CIS Benchmark for RedHat OpenShift Container Platform, v1.5.0
- CIS Benchmark for RedHat OpenShift Container Platform, v1.3.0
- CIS Benchmark for NGINX v2.1.0
- DISA Security Technical Implementation Guide (STIG) for VMware vSphere ESXi 7.0, V1R2
- DISA Security Technical Implementation Guide (STIG) for Windows 10, V3R2
- DISA Security Technical Implementation Guide (STIG) for Ubuntu 22.04 LTS, V2R1
- DISA Security Technical Implementation Guide (STIG) for Google Chrome, V2R9
- DISA Security Technical Implementation Guide (STIG) for Microsoft Internet Explorer 11, V2R3
- DISA Security Technical Implementation Guide (STIG) for Microsoft Edge, V1R7
- CIS Benchmark for Cisco IOS XE 17.x, v2.1.0
- CIS Benchmark for Cisco IOS 17.x, v2.0.0
- CIS Benchmark for Alma Linux 9, v1.0.0
- DISA Security Technical Implementation Guide (STIG) for Apple macOS 12 (Monterey), V1R7
- DISA Security Technical Implementation Guide (STIG) for Oracle Database 12c, V3R1
- CIS Benchmark for Oracle MySQL Enterprise Edition 8.0, v1.3.0 MySQL RDBMS
- CIS Benchmark for Oracle MySQL Enterprise Edition 8.0, v1.3.0 MySQL RDBMS on Linux
- CIS Benchmark for Oracle MySQL Enterprise Edition 8.0, v1.3.0 MySQL RDBMS on Linux and MySQL RDBMS
- CIS Benchmark for Oracle MySQL Community Edition 8.0, v1.0.0 MySQL RDBMS
- CIS Benchmark for Oracle MySQL Community Edition 8.0, v1.0.0 MySQL RDBMS on Linux
- CIS Benchmark for Oracle MySQL Community Edition 8.0, v1.0.0 MySQL RDBMS on Linux and MySQL RDBMS
- Security Configuration and Compliance Policy for Apache Tomcat 11.x
- CIS Benchmark for Microsoft Windows Server 2019, v3.0.0
- Security Configuration and Compliance Policy for Windows Server 2025
Policy Updates
We have updated your Policy Library. The following policies and mandates have been re-released as part of our customer CRM.
| Policy | Update |
| CIS Benchmark for CentOS Linux 7, v4.0.0 | Policy re-release for CIS Benchmark for CentOS Linux 7, v4.0.0. |
| DISA Security Technical Implementation Guide (STIG) for IBM WebSphere Liberty Server, V1R2 | Policy re-release for DISA Security Technical Implementation Guide (STIG) for IBM WebSphere Liberty Server, V1R2. |
| CIS IBM WebSphere Liberty Benchmark v1.0.0 | Policy re-release for CIS IBM WebSphere Liberty Benchmark v1.0.0. |
| CIS Benchmark for Microsoft Windows Server 2016, v3.0.0, Spanish | Policy re-release for CIS Benchmark for Microsoft Windows Server 2016, v3.0.0, Spanish. |
| CIS Benchmark for Microsoft Windows Server 2012 R2 DC, v3.0.0, Spanish | Policy re-release for CIS Benchmark for Microsoft Windows Server 2012 R2 DC, v3.0.0, Spanish. |
| CIS Benchmark for Microsoft Windows Server 2012 R2 MS, v3.0.0, Spanish. | Policy re-release for CIS Benchmark for Microsoft Windows Server 2012 R2 MS, v3.0.0, Spanish. |
| CIS Benchmark for Amazon Linux 2, v3.0.0 | Re-release for CIS Benchmark for Amazon Linux 2, v3.0.0 to update the CID changes. |
| NIST 800-53 Rev 5 for Network Devices | Re-release for NIST 800-53 Rev 4/5 for Network Devices |
| DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 MS, V3R3 | Re-release for DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 MS, V3R3. |
| DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 11, V2R2 | Re-release for DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 11, V2R2 |
| CIS Benchmark for Juniper OS, v2.1.0 | Re-release for CIS Benchmark for Juniper OS, v2.1.0, to change the regular expression value of CID 8461. |
| CIS Benchmark for Bottlerocket Benchmark, v1.0.0 | Re-release for CIS Benchmark for Bottlerocket Benchmark, v1.0.0, to update the “regular expression list” instead of “string list” in CID 14401. |
| DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 8, V2R2 | Re-release for DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 8, V2R2 to replace 27228 with CID 28588. |
| CIS Benchmark for Cisco IOS XE 17.x, v2.1.0 | Re-release for CIS Benchmark for Cisco IOS XE 17.x, v2.1.0 to change the regular expressions in CID 4366. |
| CIS Benchmark for Palo Alto Firewall 11, v1.1.0 | Re-release for CIS Benchmark for Palo Alto Firewall 11, v1.1.0 to update the regular expression. |
| CIS Benchmark for MongoDB 4, v1.0.0 | Re-release for CIS Benchmark for MongoDB 4, v1.0.0 to change the regular expressions for 11838. |
| CIS Benchmark for MongoDB 3.4, v1.0.0 | Re-release for CIS Benchmark for MongoDB 3.4, v1.0.0 to change the regular expressions for 11838. |
| CIS Benchmark for MongoDB 3.6, v1.1.0 | Re-release for CIS Benchmark for MongoDB 3.6, v1.1.0 to change the regular expressions for 11838. |
| CIS Benchmark for MongoDB 5, v1.2.0 | Re-release for CIS Benchmark for MongoDB 5, v1.2.0 to change the regular expressions for 11838. |
| CIS Benchmark for MongoDB 6, v1.2.0 | Re-release for CIS Benchmark for MongoDB 6, v1.2.0 to change the regular expressions for 11838. |
| CIS Benchmark for MongoDB 7, v1.1.0 | Re-release for CIS Benchmark for MongoDB 7, v1.1.0 to change the regular expressions for 11838. |
| CIS Benchmark for Debian Linux 11, v1.0.0 | Re-release for CIS Benchmark for Debian Linux 11, v1.0.0 to change the regular expression for CID 1778. |
| Qualys S&C Policy for Aruba EdgeConnect OS 9.x | Re-release for Qualys S&C Policy for Aruba EdgeConnect OS 9.x to make multiple changes in CIDs. |
| CIS Benchmark for Red Hat Enterprise Linux 7, v4.0.0 | Re-release for CIS Benchmark for Red Hat Enterprise Linux 7, v4.0.0 to replace 25478 and 25490 with 28818 and 28819. |
| CIS Benchmark for Red Hat Enterprise Linux 9, v2.0.0 | Re-release for CIS Benchmark for Red Hat Enterprise Linux 9, v2.0.0 to update regular expression in 26995. |
| CIS Benchmark for Oracle Linux 7, v4.0.0 | Re-release for CIS Benchmark for Oracle Linux 7, v4.0.0 to replace 8889 with 29158. |
| CIS IBM WebSphere Liberty Benchmark v1.0.0 | Re-release for CIS IBM WebSphere Liberty Benchmark v1.0.0 to update the regular expression of CID 24295. |
| CIS Benchmark for Apache Tomcat 9, v1.2.0 | Re-release for CIS Benchmark for Apache Tomcat 9, v1.2.0 to: • Update the regular expression of CID 9563 • Configure the regular expression of CID 9481 • Update the regular expression of CID 9480 • Update the regular expression of CID 20349 • Update the regular expression of multiple CID |
| CIS Benchmark for Apache Tomcat 7 v.1.1.0 | Re-release for CIS Benchmark for Apache Tomcat 7 v.1.1.0 to: • Update the regular expression of CID 9563 • Configure the regular expression of CID 9481 • Update the regular expression of CID 9480 • Update the regular expression of CID 20349 • Update the regular expression of multiple CID |
| CIS Benchmark for Apache Tomcat 8, v1.1.0 | Re-release for CIS Benchmark for Apache Tomcat 8, v1.1.0 to: • Update the regular expression of CID 9563 • Configure the regular expression of CID 9481 • Update the regular expression of CID 9480 • Update the regular expression of CID 20349 • Update the regular expression of multiple CID |
| CIS Benchmark for Apache Tomcat 10, v1.1.0 | Re-release for CIS Benchmark for Apache Tomcat 10, v1.1.0 to: • Update the regular expression of CID 9563 • Configure the regular expression of CID 9481 • Update the regular expression of CID 9480 • Update the regular expression of CID 20349 • Update the regular expression of multiple CID |
| CIS Benchmark for Ubuntu Linux 24.04 LTS, v1.0.0 | Re-release for CIS Benchmark for Ubuntu Linux 24.04 LTS, v1.0.0 to: • Replace CID 22176 with CID 18597 • Replace CID 22176 with CID 18597 • Replace CID 29672 with CID 11628 • Replace CID 29673 with CID 11629 • Update the regular expressions of CID 28581 |
| DISA Security Technical Implementation Guide (STIG) for Mozilla FireFox, V6R5 | Re-release for DISA Security Technical Implementation Guide (STIG) for Mozilla Firefox, V6R5. |
| CIS Benchmark for Apple macOS 15 Sequoia v1.0.0 | Re-release for CIS Benchmark for Apple macOS 15 Sequoia v1.0.0 to fix the regular expressions of CIDs 25011, 25012, and 25013. |
| CIS Benchmark for CentOS Linux 7, v4.0.0 | Re-release for CIS Benchmark for CentOS Linux 7, v4.0.0 to replace 10663 and 13138 with 28117. |
| CIS Benchmark for Amazon Linux STIG 2, v2.0.0 | Re-release for CIS Benchmark for Amazon Linux STIG 2, v2.0.0 to update the regular expression. |
| CIS Benchmark for Check Point Firewall v1.1.0 | Re-release for CIS Benchmark for Check Point Firewall v1.1.0 to update the regular expression. |
| CIS Benchmark for SUSE Linux Enterprise 12.x, v3.2.0 | Re-release for CIS Benchmark for SUSE Linux Enterprise 12.x, v3.2.0 to fix the cardinality of CID 10684. |
| CIS Benchmark for Amazon Linux 2023, v1.0.0 | Re-release for CIS Benchmark for Amazon Linux 2023, v1.0.0 |
| CIS Benchmark for Microsoft IIS 10, v1.2.1 | Re-release for CIS Benchmark for Microsoft IIS 10, v1.2.1 to update the regular expression of CID 10753. |
Proposed Upcoming Policies
We plan to release the following policies and updates next month:
- CIS Google Container-Optimized OS Benchmark v1.2.0
- DISA Security Technical Implementation Guide (STIG) for Oracle Enterprise Linux 8, V2R3
- Australian Signals Directorate (ASD) Hardening Microsoft 365, Office 2021, Office 2019 and Office 2016
- CIS Microsoft Windows Server 2008 R2 Benchmark, v3.3.1
- CIS Microsoft Windows Server 2008 (non-R2) Benchmark, v3.3.1
- CIS Benchmark for Microsoft IIS 10, v1.2.1, Spanish
- CIS Microsoft Windows 11 Enterprise Benchmark, v4.0.0
- CIS Ubuntu Linux 20.04 LTS Benchmark, v3.0.0
- CIS Cisco NX-OS Benchmark, v1.2.0
- CIS VMware ESXi 8.0 Benchmark, v1.2.0
- Security Configuration & Compliance Policy for Nutanix
Learn More
Discover how Qualys Enterprise TruRisk Platform can help you reduce cyber risk and improve business outcomes through precise remediation activities. Learn more here.
Additional Information
Feel free to contact your TAM or Qualys Technical Support if you have questions.
Find all policy library updates here.
Check out Qualys’ updated Certification Page at CIS here.